Why would you have to wipe a hard drive if the feds come knocking?
Dave
lont1963 said: Hello,
What is some good software to wipe a hard drive when the Feds come knocking quickly?
Arbentor said: I'm in the IT field and I've worked in high-availability/high security environments. I've had occasion to speak directly with people that perform data recovery from damaged or "erased" hard drives.
Methods in use and their efficacy:
Software:
Single or double pass full over-writes: Don't waste your time.
Full data writes with 7 or more passes: Works but nobody will guarantee it.
Physical:
Punching a hole, bending or scratching the surfaces of a platter: Unless you get most or all of the surfaces, data can be easily recovered by professionals. Do not trust these methods.
Full destruction: Metal shredder, acid bath or melting. This works reliably but it can be expensive.
Magnetic: A strong magnet (neodymium), wiped directly over the entire platter surface. I've yet to hear of successful recovery after this was done. Fast and cheap but you must be thorough. Good method but hard to validate or audit.
I dispose of ours through a company that documents each drive as it goes through a mechanical shredder. There is no other way that meets audit standards.
Geo said: If you are under government contract, I can understand total destruction. I have acquired lots from the Army Material Acquisition Command at Redstone Arsenal in Huntsville, AL that required onsite destruction and there had to be an army liaison present to assure destruction before it left. Other than that, most scrappers are going to be working with the general population and short of tax fraud, ID theft or nudie pictures of someone's wife, there's not going to be military secrets or life altering info stored on a home computer. In the everyday real world, a three pound hammer should do the job nicely even if it is a bit loud.
silversaddle1 said: Arbentor said: I'm in the IT field and I've worked in high-availability/high security environments. I've had occasion to speak directly with people that perform data recovery from damaged or "erased" hard drives.
Methods in use and their efficacy:
Software:
Single or double pass full over-writes: Don't waste your time.
Full data writes with 7 or more passes: Works but nobody will guarantee it.
Physical:
Punching a hole, bending or scratching the surfaces of a platter: Unless you get most or all of the surfaces, data can be easily recovered by professionals. Do not trust these methods.
Full destruction: Metal shredder, acid bath or melting. This works reliably but it can be expensive.
Magnetic: A strong magnet (neodymium), wiped directly over the entire platter surface. I've yet to hear of successful recovery after this was done. Fast and cheap but you must be thorough. Good method but hard to validate or audit.
I dispose of ours through a company that documents each drive as it goes through a mechanical shredder. There is no other way that meets audit standards.
Well, whose standards are you talking about? NIST 800-88 r1 states degaussing by an approved degausser and then crushing or bending meets their standards. You must use a DOD/NSA approved degausser to degauss the drives. Most degaussers are not approved.
Geo said: If you are under government contract, I can understand total destruction. I have acquired lots from the Army Material Acquisition Command at Redstone Arsenal in Huntsville, AL that required onsite destruction and there had to be an army liaison present to assure destruction before it left. Other than that, most scrappers are going to be working with the general population and short of tax fraud, ID theft or nudie pictures of someone's wife, there's not going to be military secrets or life altering info stored on a home computer. In the everyday real world, a three pound hammer should do the job nicely even if it is a bit loud.
anachronism said: Under European GDPR legislation the hammer route doesn't cut the mustard and with no offense intended the US is years behind Europe in the protection of personal data. But mark my words, the time will come when all the free IT collections will cease there too.
You guys need to be innovative and get ahead of the curve and offer a proper service.
I'm typing this from my hotel room having destroyed over 5000 drives for a bank this weekend. The 42 tonnes of servers that came with, formed part of the deal so think on that and you'll be able to be ahead of the US bandwagon rather than watching it pass you.
snoman701 said: anachronism said: Under European GDPR legislation the hammer route doesn't cut the mustard and with no offense intended the US is years behind Europe in the protection of personal data. But mark my words, the time will come when all the free IT collections will cease there too.
You guys need to be innovative and get ahead of the curve and offer a proper service.
I'm typing this from my hotel room having destroyed over 5000 drives for a bank this weekend. The 42 tonnes of servers that came with, formed part of the deal so think on that and you'll be able to be ahead of the US bandwagon rather than watching it pass you.
It's not that the US is without regulation, only that it is without pre-emptive enforcement; a serious data breach by a small-time operation will end with prosecution. My guess is that the prosecution, likely by the FBI since it is sure to be crossing state lines at some point, which also means that the operation will end up with an IRS audit, depending upon the amount of people screaming for blood. The regulations are state specific, but do exist. There are plenty of operations offering a proper service, with liability insurance in place to cover missteps.
Your operation is considerably larger than almost anyone who posts on this forum. Those operations that are of the same size as you, offer the same services, and they charge for them just as you do. It's not a curve that most can begin to understand. It's also not a field that is easy to enter into. There's a lot of homework to be done.
I think this is a common misunderstanding. The guys that are making it, backing their pickup truck up to a loading dock and making off with a couple hundred in scrap...they aren't doing it because they are operating within regulations. They aren't state approved electronic recyclers. They aren't RIOS certified.
They don't have their paperwork or their procedures in place to be ISO certified. They haven't paid any municipal bonding. They have NOTHING to lose. As such, they aren't within range of affordable liability insurance. They are doing it because the operations manager of that particular company is likely lazy, and doesn't care enough to do their due diligence to see that they are disposing of their own data according to the law. (The law in this case is largely dictated by tax code and labor code.)
So lay it all out for the readers.
silversaddle1 said: snoman701 said: anachronism said: Under European GDPR legislation the hammer route doesn't cut the mustard and with no offense intended the US is years behind Europe in the protection of personal data. But mark my words, the time will come when all the free IT collections will cease there too.
You guys need to be innovative and get ahead of the curve and offer a proper service.
I'm typing this from my hotel room having destroyed over 5000 drives for a bank this weekend. The 42 tonnes of servers that came with, formed part of the deal so think on that and you'll be able to be ahead of the US bandwagon rather than watching it pass you.
It's not that the US is without regulation, only that it is without pre-emptive enforcement; a serious data breach by a small-time operation will end with prosecution. My guess is that the prosecution, likely by the FBI since it is sure to be crossing state lines at some point, which also means that the operation will end up with an IRS audit, depending upon the amount of people screaming for blood. The regulations are state specific, but do exist. There are plenty of operations offering a proper service, with liability insurance in place to cover missteps.
Your operation is considerably larger than almost anyone who posts on this forum. Those operations that are of the same size as you, offer the same services, and they charge for them just as you do. It's not a curve that most can begin to understand. It's also not a field that is easy to enter into. There's a lot of homework to be done.
I think this is a common misunderstanding. The guys that are making it, backing their pickup truck up to a loading dock and making off with a couple hundred in scrap...they aren't doing it because they are operating within regulations. They aren't state approved electronic recyclers. They aren't RIOS certified.
They don't have their paperwork or their procedures in place to be ISO certified. They haven't paid any municipal bonding. They have NOTHING to lose. As such, they aren't within range of affordable liability insurance. They are doing it because the operations manager of that particular company is likely lazy, and doesn't care enough to do their due diligence to see that they are disposing of their own data according to the law. (The law in this case is largely dictated by tax code and labor code.)
I can find so many things wrong with this statement, I don't even know where to begin.